From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id BBE4A158232 for ; Sat, 7 Dec 2024 10:33:45 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 64E74E0EAA; Sat, 7 Dec 2024 10:33:20 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id B64ABE0E84 for ; Sat, 7 Dec 2024 10:33:04 +0000 (UTC) Received: from glsamakerdev.dev.gentoo.org (unknown [140.211.166.178]) by smtp.gentoo.org (Postfix) with ESMTP id 251A5343075 for ; Sat, 7 Dec 2024 10:33:04 +0000 (UTC) Received: from [172.18.0.3] (unknown [172.18.0.3]) by glsamakerdev.dev.gentoo.org (Postfix) with ESMTP id 0D572C76E5 for ; Sat, 7 Dec 2024 10:33:04 +0000 (UTC) Subject: [gentoo-announce] [ GLSA 202412-06 ] Mozilla Thunderbird: Multiple Vulnerabilities Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-announce@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg="pgp-sha512"; boundary="===============2939199810200450832==" From: glsamaker@gentoo.org To: gentoo-announce@lists.gentoo.org Reply-To: security@gentoo.org Date: Sat, 07 Dec 2024 10:33:03 -0000 Message-ID: <173356758404.7.12576105715515737108@3f85d36892cf> X-Archives-Salt: f492cc5a-586a-4ff0-8de2-3b1296e3bd84 X-Archives-Hash: a90702a441fe44c14a1a44f972feebaa --===============2939199810200450832== Content-Type: text/plain; charset="utf-8" - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202412-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Mozilla Thunderbird: Multiple Vulnerabilities Date: December 07, 2024 Bugs: #935551, #936216, #937468, #941170, #941175, #942470 ID: 202412-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. Background ========== Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Affected packages ================= Package Vulnerable Unaffected --------------------------- ------------ ------------ mail-client/thunderbird < 128.4.0 >= 128.4.0 mail-client/thunderbird-bin < 128.4.0 >= 128.4.0 Description =========== Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Mozilla Thunderbird users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-bin-128.4.0" All Mozilla Thunderbird users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-128.4.0" References ========== [ 1 ] CVE-2024-5693 https://nvd.nist.gov/vuln/detail/CVE-2024-5693 [ 2 ] CVE-2024-5696 https://nvd.nist.gov/vuln/detail/CVE-2024-5696 [ 3 ] CVE-2024-5700 https://nvd.nist.gov/vuln/detail/CVE-2024-5700 [ 4 ] CVE-2024-6601 https://nvd.nist.gov/vuln/detail/CVE-2024-6601 [ 5 ] CVE-2024-6602 https://nvd.nist.gov/vuln/detail/CVE-2024-6602 [ 6 ] CVE-2024-6603 https://nvd.nist.gov/vuln/detail/CVE-2024-6603 [ 7 ] CVE-2024-6604 https://nvd.nist.gov/vuln/detail/CVE-2024-6604 [ 8 ] CVE-2024-7518 https://nvd.nist.gov/vuln/detail/CVE-2024-7518 [ 9 ] CVE-2024-7519 https://nvd.nist.gov/vuln/detail/CVE-2024-7519 [ 10 ] CVE-2024-7520 https://nvd.nist.gov/vuln/detail/CVE-2024-7520 [ 11 ] CVE-2024-7521 https://nvd.nist.gov/vuln/detail/CVE-2024-7521 [ 12 ] CVE-2024-7522 https://nvd.nist.gov/vuln/detail/CVE-2024-7522 [ 13 ] CVE-2024-7523 https://nvd.nist.gov/vuln/detail/CVE-2024-7523 [ 14 ] CVE-2024-7524 https://nvd.nist.gov/vuln/detail/CVE-2024-7524 [ 15 ] CVE-2024-7525 https://nvd.nist.gov/vuln/detail/CVE-2024-7525 [ 16 ] CVE-2024-7526 https://nvd.nist.gov/vuln/detail/CVE-2024-7526 [ 17 ] CVE-2024-7527 https://nvd.nist.gov/vuln/detail/CVE-2024-7527 [ 18 ] CVE-2024-7528 https://nvd.nist.gov/vuln/detail/CVE-2024-7528 [ 19 ] CVE-2024-7529 https://nvd.nist.gov/vuln/detail/CVE-2024-7529 [ 20 ] CVE-2024-7531 https://nvd.nist.gov/vuln/detail/CVE-2024-7531 [ 21 ] CVE-2024-8381 https://nvd.nist.gov/vuln/detail/CVE-2024-8381 [ 22 ] CVE-2024-8382 https://nvd.nist.gov/vuln/detail/CVE-2024-8382 [ 23 ] CVE-2024-8383 https://nvd.nist.gov/vuln/detail/CVE-2024-8383 [ 24 ] CVE-2024-8384 https://nvd.nist.gov/vuln/detail/CVE-2024-8384 [ 25 ] CVE-2024-8385 https://nvd.nist.gov/vuln/detail/CVE-2024-8385 [ 26 ] CVE-2024-8386 https://nvd.nist.gov/vuln/detail/CVE-2024-8386 [ 27 ] CVE-2024-8387 https://nvd.nist.gov/vuln/detail/CVE-2024-8387 [ 28 ] CVE-2024-8389 https://nvd.nist.gov/vuln/detail/CVE-2024-8389 [ 29 ] CVE-2024-8394 https://nvd.nist.gov/vuln/detail/CVE-2024-8394 [ 30 ] CVE-2024-8900 https://nvd.nist.gov/vuln/detail/CVE-2024-8900 [ 31 ] CVE-2024-9391 https://nvd.nist.gov/vuln/detail/CVE-2024-9391 [ 32 ] CVE-2024-9392 https://nvd.nist.gov/vuln/detail/CVE-2024-9392 [ 33 ] CVE-2024-9395 https://nvd.nist.gov/vuln/detail/CVE-2024-9395 [ 34 ] CVE-2024-9396 https://nvd.nist.gov/vuln/detail/CVE-2024-9396 [ 35 ] CVE-2024-9397 https://nvd.nist.gov/vuln/detail/CVE-2024-9397 [ 36 ] CVE-2024-9399 https://nvd.nist.gov/vuln/detail/CVE-2024-9399 [ 37 ] CVE-2024-9400 https://nvd.nist.gov/vuln/detail/CVE-2024-9400 [ 38 ] CVE-2024-9401 https://nvd.nist.gov/vuln/detail/CVE-2024-9401 [ 39 ] CVE-2024-9402 https://nvd.nist.gov/vuln/detail/CVE-2024-9402 [ 40 ] CVE-2024-9403 https://nvd.nist.gov/vuln/detail/CVE-2024-9403 [ 41 ] CVE-2024-10458 https://nvd.nist.gov/vuln/detail/CVE-2024-10458 [ 42 ] CVE-2024-10459 https://nvd.nist.gov/vuln/detail/CVE-2024-10459 [ 43 ] CVE-2024-10460 https://nvd.nist.gov/vuln/detail/CVE-2024-10460 [ 44 ] CVE-2024-10461 https://nvd.nist.gov/vuln/detail/CVE-2024-10461 [ 45 ] CVE-2024-10462 https://nvd.nist.gov/vuln/detail/CVE-2024-10462 [ 46 ] CVE-2024-10463 https://nvd.nist.gov/vuln/detail/CVE-2024-10463 [ 47 ] CVE-2024-10464 https://nvd.nist.gov/vuln/detail/CVE-2024-10464 [ 48 ] CVE-2024-10465 https://nvd.nist.gov/vuln/detail/CVE-2024-10465 [ 49 ] CVE-2024-10466 https://nvd.nist.gov/vuln/detail/CVE-2024-10466 [ 50 ] CVE-2024-10467 https://nvd.nist.gov/vuln/detail/CVE-2024-10467 [ 51 ] CVE-2024-10468 https://nvd.nist.gov/vuln/detail/CVE-2024-10468 [ 52 ] MFSA-2024-25 [ 53 ] MFSA-2024-26 [ 54 ] MFSA-2024-28 [ 55 ] MFSA2024-29 [ 56 ] MFSA2024-30 [ 57 ] MFSA2024-31 [ 58 ] MFSA2024-33 [ 59 ] MFSA2024-34 [ 60 ] MFSA2024-35 [ 61 ] MFSA2024-38 [ 62 ] MFSA2024-39 [ 63 ] MFSA2024-40 [ 64 ] MFSA2024-41 [ 65 ] MFSA2024-43 [ 66 ] MFSA2024-44 [ 67 ] MFSA2024-46 [ 68 ] MFSA2024-47 [ 69 ] MFSA2024-48 [ 70 ] MFSA2024-49 [ 71 ] MFSA2024-50 [ 72 ] MFSA2024-55 [ 73 ] MFSA2024-56 [ 74 ] MFSA2024-57 [ 75 ] MFSA2024-58 [ 76 ] MFSA2024-59 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202412-06 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2024 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 --===============2939199810200450832== Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEpqTA6ABLMxh/aChGFMQkOaVy+9kFAmdUJF8ACgkQFMQkOaVy +9lIlxAA2mFXXjdLTifb9JiVRY5PRmNLrLEEGeGz34sNtfIpGb47sjjnPWAGisvU 6qq0NcHlqI4SgKSPe1LWq6yttFEwHfTTbEp1lY4a9QF8NUjZcH2DnzFxuikjyqHk Utyxf8fYkszgB43AS6uh9cjMTlhKKg3cgwmac5WG+V6pxg55QdxoDBvbgqUi+ohQ swG6HA/KfuF6/bmwp6oBW9JzB0Keg2ZK/oxgiPyHDJUgX99UB2We/6+Sjbby6fHe Yd5cPr7K8c9flirQoSOaG+HKyn2ry1ou5h+0DQg0+CFtM9/jeBA1/vdERBzkMBlv pMQPwMKH9t5mHFpe6KLsUvEtMxy6mIxi/84tnh3tccn2mOJgCRB5+YJwDy9pEnPB ro3eSqpt4M/Hb2DTvfOV3oGUgpVZNIIzlT3mW9qQcF/Aph9qSyeH6eAzFV1de/Cf INhd5qwNZ1vkvbcPDmd0R7HkN6geef/UqEtW8N99xsrxusWRRZTOvv8EqP/bm8FL KWLa/h3NL33LV+srx6/zO2ZAzRXGbejahPrHdpVRvJSZ2Gx14sZt7lP3f0tuuFtn LvuUvpxi6Kl5C8WxJ07ulqx4t9jUuzjBYU5leopxrBtbx8j44rsN3UbRNvxTkHJn Sw4bAkv/CXh7xl2n4Etwc6nlkdqlXgCvWQGka8iparcjJaGCd2o= =0LbQ -----END PGP SIGNATURE----- --===============2939199810200450832==--